Make HeaderValue::set_sensitive available in const contexts#808
Open
archer-321 wants to merge 1 commit intohyperium:masterfrom
Open
Make HeaderValue::set_sensitive available in const contexts#808archer-321 wants to merge 1 commit intohyperium:masterfrom
HeaderValue::set_sensitive available in const contexts#808archer-321 wants to merge 1 commit intohyperium:masterfrom
Conversation
Member
|
The MSRV doesn't like the |
Some applications like OAuth clients for GitHub or Forgejo are forced to embed a client password into the application, even if the client is considered public. Make `HeaderValue::set_sensitive` available in const contexts to allow applications to mark embedded headers as sensitive. Warn developers in `set_sensitive`'s documentation that embedded secrets are trivial to dump and should not be considered secure. Closes: hyperium#807
archer-321
force-pushed
the
feature/set_sensitive-const
branch
from
d22829c to
c837995
Compare
Author
Oops, I didn't remember inline- |
Member
Oh that's interesting... was that relaxed in newer versions? |
Author
|
It seems like this was added in Rust 1.83: https://blog.rust-lang.org/2024/11/28/Rust-1.83.0/#new-const-capabilities In this case, this PR would have to be put on hold until the MSRV is increased in the future. Personally, I wouldn't consider this change important enough to warrant an MSRV bump on its own. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Make
HeaderValue::set_sensitiveconstto allow applications to embed sensitive header values statically.Considering embedded client secrets are generally a red flag, add a comment to the method's documentation to urge developers not to consider embedded sensitive values secure.
constuse ofset_sensitiveshould be limited to use cases where the developer is aware that the embedded secret will be world-readable.This PR implements #807